In general, typical data content may be encrypted with the same set of keys for scalability and ease of distribution. The encrypted data content may be delivered with the encryption keys stored on physical media, such as a digital versatile disc (DVD), or streamed to a device. Having one encryption key or encryption system for multiple users (e.g., DVD) enables hackers to concentrate the time, effort and computational power at their disposal on cracking the encryption in one copy, and then to apply the same cracking procedure to other copies or even to other content that is encoded using the same encryption system. For example, DeCSS is a computer program that was created over a decade ago by a group of hackers. The DeCSS program was capable of decrypting content on a commercially produced DVD. The creation of DeCSS made the video content producer industry vulnerable on a large scale.
System-wide vulnerability may be overcome with individual user-specific or individual end-device-specific encryption of content. The cost of encrypting the entire content for a specific user or a specific playback end-device is high, and as a result user-specific or device-specific encryption of content is generally not adopted by content creators. A popular known alternative is to encrypt the content with a single set of keys, {K1} [Content], re-encrypt those keys {K1} with a second set of user-specific or device-specific personalized keys, {K2} [{K1}], and deliver the re-encrypted keys to authenticated users/devices. The vulnerability in this example is that a coordinated cracking effort by multiple users can eventually enable cracking of the original keys {K1}. Since the same set of keys {K1} is applied to all copies of the content, once cracked, it can be used to decrypt all such copies without authorization or authentication. If the entire content encrypted with {K1} is delivered to an authenticated device as a file, then, because {K1} is static, motivated hackers have an opportunity to expend effort on cracking the key {K1}. In order to minimize the chances of cracking the key {K1}, video services rely on a dynamic set of keys. Multiple keys are associated with different sections of the content, the content is delivered in sections, and the end devices maintain a small buffer and have to rely on a streaming mode of delivery. Streaming modes of delivery impose a large demand on the delivery network, especially during busy periods. Such a configuration requires network capacity to be engineered to satisfy this demand, which creates multiple instances of non-busy periods with heavily under-utilized network capacity.
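The two-tier arrangement described above, {K1} [Content] with {K2} [{K1}], can be modelled in a few lines to show why the static K1 is the asset that needs protecting. This is an added example, not part of the original text: the function names and sample data are hypothetical, and the HMAC-SHA256 counter-mode keystream is only a standard-library stand-in for a real cipher such as AES.

```python
import hashlib
import hmac
import secrets

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 in counter mode); a real system would use AES."""
    out = bytearray()
    for block in range(0, len(data), 32):
        counter = (block // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def package(content: bytes, device_keys: dict) -> dict:
    """Encrypt content once under K1, then wrap K1 under each device's K2."""
    k1 = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    wrapped = {}
    for device, k2 in device_keys.items():
        wrap_nonce = secrets.token_bytes(16)
        wrapped[device] = (wrap_nonce, keystream_xor(k2, wrap_nonce, k1))
    return {"nonce": nonce, "ciphertext": keystream_xor(k1, nonce, content), "wrapped": wrapped}

def unwrap_k1(pkg: dict, device: str, k2: bytes) -> bytes:
    """Recover K1 from the blob that was personalized for one device."""
    wrap_nonce, blob = pkg["wrapped"][device]
    return keystream_xor(k2, wrap_nonce, blob)

def play(pkg: dict, k1: bytes) -> bytes:
    """Decrypt the shared ciphertext; only K1 is needed at this point."""
    return keystream_xor(k1, pkg["nonce"], pkg["ciphertext"])

def demo() -> dict:
    # Constructed sample data: two devices with distinct personalized keys K2.
    device_keys = {"device-a": secrets.token_bytes(32), "device-b": secrets.token_bytes(32)}
    content = b"constructed sample content " * 4
    pkg = package(content, device_keys)
    k1_a = unwrap_k1(pkg, "device-a", device_keys["device-a"])
    k1_b = unwrap_k1(pkg, "device-b", device_keys["device-b"])
    return {
        "wrapped_blobs_differ": pkg["wrapped"]["device-a"][1] != pkg["wrapped"]["device-b"][1],
        "same_k1_on_every_device": k1_a == k1_b,
        # K1 obtained on device A decrypts the shared ciphertext with no K2 involved.
        "k1_alone_decrypts": play(pkg, k1_a) == content,
    }

if __name__ == "__main__":
    print(demo())
```

The personalized layer changes only the wrapped key blob; the ciphertext and K1 are identical for every recipient, which is the property the paragraph identifies as the weakness.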
The existing procedure for protecting non-streaming content is to deliver the content together with the corresponding keys, as in DVDs and Blu-ray discs. Over time, this method of delivering content and encryption keys can be cracked by diligent hackers, as has happened to certain Blu-ray systems of encryption. As a result, vendors of premium content seldom rely on this mode of delivery and are encouraged to wait for non-premium windows of opportunity (i.e., 28 days after theatrical release of a movie) to begin using these known methods of encryption. This lack of a protected system to allow private use by individuals leaves a vacuum in the marketplace (i.e., no option to watch content from home on day 1 of theatrical release for any price).
Personalized encryption methods (on the entire content) require large amounts of computing and data bandwidth resources, because dedicated resources are required to encrypt and map each copy of data content delivered to each user, and the individually encrypted content needs to be transported in its entirety to the requesting user. Non-personalized homogeneous encryption, while providing easy distribution of content, also gives hackers ample opportunity to crack the encryption. It would be optimal to have a simple encryption and distribution scheme that provides individualized content protection while reducing the amount of computer resources required for personalized encryption and the network resources required for delivery.